Ensure unattached disks are encrypted
Error: Unattached disks are not encrypted
Bridgecrew Policy ID: BC_AZR_GENERAL_34
Checkov Check ID: CKV2_AZURE_14
Severity: LOW
Unattached disks are not encrypted
Description
Encrypting your disks protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your disks. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.
Fix - Buildtime
Terraform
- Resource: azurerm_resource_group, azurerm_managed_disk, azurerm_virtual_machine
- Argument: encryption_settings.encrypted
resource "azurerm_resource_group" "group" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_managed_disk" "managed_disk_good_1" {
name = "acctestmd"
location = "West US 2"
resource_group_name = azurerm_resource_group.group.name
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = "1"
+ encryption_settings {
+ enabled = true
}
tags = {
environment = "staging"
}
}
resource "azurerm_virtual_machine" "virtual_machine_good_1" {
name = "$vm"
location = "location"
resource_group_name = azurerm_resource_group.group.name
network_interface_ids = ["id"]
vm_size = "Standard_DS1_v2"
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_id = azurerm_managed_disk.managed_disk_good_1.id
}
}
Updated 3 months ago